From a95ce5bf457daa71bde3075a403c9414ad95e74f Mon Sep 17 00:00:00 2001 From: wangbin Date: Fri, 12 Sep 2025 11:19:35 +0800 Subject: [PATCH] add cryptomanager fuzztest 
Signed-off-by: wangbin --- .../framework/test/fuzztest/BUILD.gn | 10 +- .../BUILD.gn | 62 ++++++ .../corpus/init | 16 ++ .../cryptomanagerencryptdecrypt_fuzzer.cpp | 173 ++++++++++++++++ .../cryptomanagerencryptdecrypt_fuzzer.h | 21 ++ .../project.xml | 25 +++ .../BUILD.gn | 62 ++++++ .../corpus/init | 16 ++ .../cryptomanagerimportdeletekey_fuzzer.cpp | 161 +++++++++++++++ .../cryptomanagerimportdeletekey_fuzzer.h | 21 ++ .../project.xml | 25 +++ .../cryptomanagerrootkey_fuzzer/BUILD.gn | 63 ++++++ .../cryptomanagerrootkey_fuzzer/corpus/init | 16 ++ .../cryptomanagerrootkey_fuzzer.cpp | 176 ++++++++++++++++ .../cryptomanagerrootkey_fuzzer.h | 21 ++ .../cryptomanagerrootkey_fuzzer/project.xml | 25 +++ .../BUILD.gn | 62 ++++++ .../corpus/init | 16 ++ .../cryptomanagerupdatesecretmeta_fuzzer.cpp | 190 ++++++++++++++++++ .../cryptomanagerupdatesecretmeta_fuzzer.h | 21 ++ .../project.xml | 25 +++ 21 files changed, 1205 insertions(+), 2 deletions(-) create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/BUILD.gn create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/corpus/init create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.cpp create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.h create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/project.xml create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/BUILD.gn create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/corpus/init create mode 100644 
services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.cpp create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.h create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/project.xml create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/BUILD.gn create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/corpus/init create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.cpp create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.h create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/project.xml create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/BUILD.gn create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/corpus/init create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.cpp create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.h create mode 100644 services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/project.xml diff --git a/services/distributeddataservice/framework/test/fuzztest/BUILD.gn b/services/distributeddataservice/framework/test/fuzztest/BUILD.gn index e54fc7ba3..3def23227 100644 --- a/services/distributeddataservice/framework/test/fuzztest/BUILD.gn 
+++ b/services/distributeddataservice/framework/test/fuzztest/BUILD.gn @@ -18,5 +18,11 @@ import("//foundation/distributeddatamgr/datamgr_service/datamgr_service.gni") group("fuzztest") { testonly = true - deps = [ "storedebuginfo_fuzzer:fuzztest" ] -} \ No newline at end of file + deps = [ + "cryptomanagerencryptdecrypt_fuzzer:fuzztest", + "cryptomanagerimportdeletekey_fuzzer:fuzztest", + "cryptomanagerrootkey_fuzzer:fuzztest", + "cryptomanagerupdatesecretmeta_fuzzer:fuzztest", + "storedebuginfo_fuzzer:fuzztest", + ] +} diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/BUILD.gn b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/BUILD.gn new file mode 100644 index 000000000..659eacf17 --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/BUILD.gn 
@@ -0,0 +1,62 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################hydra-fuzz########################################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/distributeddatamgr/datamgr_service/datamgr_service.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("CryptoManagerEncryptDecryptFuzzTest") {
+ module_out_path = "datamgr_service/datamgr_service"
+
+ include_dirs = [ "${data_service_path}/framework/include" ]
+
+ fuzz_config_file = "${data_service_path}/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer"
+
+ sources = [ "cryptomanagerencryptdecrypt_fuzzer.cpp" ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ "-Dprivate=public",
+ "-Dprotected=public",
+ ]
+
+ deps = [
+ "${data_service_path}/framework:distributeddatasvcfwk",
+ "${data_service_path}/service:distributeddatasvc",
+ ]
+
+ external_deps = [
+ "ability_base:base",
+ "ability_base:want",
+ "access_token:libaccesstoken_sdk",
+ "access_token:libnativetoken",
+ "access_token:libtoken_setproc",
+ "c_utils:utils",
+ "hilog:libhilog",
+ "huks:libhukssdk",
+ "ipc:ipc_core",
+ "kv_store:distributeddata_inner",
+ ]
+}
+
+###############################################################################
+group("fuzztest") {
+ testonly = true
+
+ deps = [ ":CryptoManagerEncryptDecryptFuzzTest" ]
+}
+###############################################################################
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/corpus/init b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.cpp b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.cpp
new file mode 100644
index 000000000..684d5dfd5
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.cpp
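Review bot: In cryptomanagerencryptdecrypt_fuzzer/BUILD.gn the cflags `-Dprivate=public` and `-Dprotected=public` redefine C++ keywords for every header the harness includes, standard library and HUKS headers among them, which the standard does not permit and which lets the harness drive the class into states a real caller cannot reach. The calls visible in the harness source (`GetInstance()`, `GenerateRootKey()`, `Encrypt()`, `Decrypt()`) look like ordinary public API, so the two flags can probably be dropped. If a private member really is needed, a comment next to the flags such as `# needed to reach CryptoManager::<member>` would record why. The same cflags appear in the cryptomanagerimportdeletekey and cryptomanagerrootkey BUILD.gn files.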
@@ -0,0 +1,173 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+
+#include "cryptomanagerencryptdecrypt_fuzzer.h"
+#include "crypto/crypto_manager.h"
+#include "access_token.h"
+#include "accesstoken_kit.h"
+#include "hks_api.h"
+#include "hks_param.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+using namespace OHOS::DistributedData;
+using namespace OHOS::Security::AccessToken;
+namespace OHOS {
+
+static constexpr int32_t KEY_LENGTH = 32;
+static constexpr int32_t NONCE_SIZE = 12;
+static constexpr int32_t AREA_MIN = -1;
+static constexpr int32_t AREA_MAX = 10;
+static constexpr int32_t TEST_USERID_NUM = 100;
+static constexpr const char *TEST_USERID = "100";
+static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key";
+static constexpr const char *PROCESS_NAME = "distributeddata";
+
+static std::vector randomKey;
+static std::vector vecRootKeyAlias;
+static std::vector nonce;
+
+void SetNativeTokenIdFromProcess(const std::string &process)
+{
+ std::string dumpInfo;
+ AtmToolsParamInfo info;
+ info.processName = process;
+ AccessTokenKit::DumpTokenInfo(info, dumpInfo);
+ size_t pos = dumpInfo.find("\"tokenID\": ");
+ if (pos == std::string::npos) {
+ return;
+ }
+ pos += std::string("\"tokenID\": ").length();
+ std::string numStr;
+ while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) {
+ numStr += dumpInfo[pos];
+ ++pos;
+ }
+ std::istringstream iss(numStr);
+ AccessTokenID tokenID;
+ iss >> tokenID;
+ SetSelfTokenID(tokenID);
+}
+
+std::vector Random(int32_t len)
+{
+ std::random_device randomDevice;
+ std::uniform_int_distribution distribution(0, std::numeric_limits::max());
+ std::vector key(len);
+ for (int32_t i = 0; i < len; i++) {
+ key[i] = static_cast(distribution(randomDevice));
+ }
+ return key;
+}
+
+uint32_t GetStorageLevel(int32_t area)
+{
+ if (area >= CryptoManager::Area::EL4 && area <= CryptoManager::Area::EL5) {
+ return HKS_AUTH_STORAGE_LEVEL_ECE;
+ }
+ if (area >= CryptoManager::Area::EL2 && area <= CryptoManager::Area::EL3) {
+ return HKS_AUTH_STORAGE_LEVEL_CE;
+ }
+ return HKS_AUTH_STORAGE_LEVEL_DE;
+}
+
+void DeleteRootKey(int32_t area)
+{
+ struct HksParamSet *params = nullptr;
+ if (HksInitParamSet(¶ms) != HKS_SUCCESS) {
+ return;
+ }
+ auto storageLevel = GetStorageLevel(area);
+ std::vector hksParam = {
+ { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_AES },
+ { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_AES_KEY_SIZE_256 },
+ { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
+ { .tag = HKS_TAG_DIGEST, .uint32Param = 0 },
+ { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE },
+ { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_GCM },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = storageLevel },
+ };
+ if (storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) {
+ hksParam.emplace_back(HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = TEST_USERID_NUM });
+ }
+ if (HksAddParams(params, hksParam.data(), hksParam.size()) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ if (HksBuildParamSet(¶ms) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ struct HksBlob keyName = { uint32_t(vecRootKeyAlias.size()), const_cast(vecRootKeyAlias.data()) };
+ (void)HksDeleteKey(&keyName, params);
+ HksFreeParamSet(¶ms);
+}
+
+void SetUp(void)
+{
+ randomKey = Random(KEY_LENGTH);
+ vecRootKeyAlias = std::vector(ROOT_KEY_ALIAS, ROOT_KEY_ALIAS + strlen(ROOT_KEY_ALIAS));
+ nonce = Random(NONCE_SIZE);
+}
+
+void TearDown(void)
+{
+ randomKey.assign(randomKey.size(), 0);
+ nonce.assign(nonce.size(), 0);
+ DeleteRootKey(CryptoManager::Area::EL1);
+ DeleteRootKey(CryptoManager::Area::EL2);
+ DeleteRootKey(CryptoManager::Area::EL4);
+}
+
+void EncryptAndDecryptFuzz(FuzzedDataProvider &provider)
+{
+ int32_t area = provider.ConsumeIntegralInRange(AREA_MIN, AREA_MAX);
+ std::string userId = provider.ConsumeRandomLengthString();
+ CryptoManager::GetInstance().GenerateRootKey();
+ CryptoManager::CryptoParams encryptParams = { .area = area, .userId = TEST_USERID };
+ CryptoManager::CryptoParams encryptParams1 = { .area = area, .userId = userId };
+ auto encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams);
+ auto encryptKey1 = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams1);
+
+ SetUp();
+ encryptKey = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams);
+ encryptKey1 = CryptoManager::GetInstance().Encrypt(randomKey, encryptParams1);
+
+ CryptoManager::CryptoParams decryptParams = { .area = area,
+ .userId = TEST_USERID,
+ .nonce = encryptParams.nonce };
+ auto decryptKey = CryptoManager::GetInstance().Decrypt(encryptKey, decryptParams);
+ CryptoManager::CryptoParams decryptParams1 = { .area = area,
+ .userId = userId,
+ .nonce = encryptParams1.nonce };
+ auto decryptKey1 = CryptoManager::GetInstance().Decrypt(encryptKey1, decryptParams1);
+ decryptKey.assign(encryptKey.size(), 0);
+ decryptKey1.assign(encryptKey1.size(), 0);
+ TearDown();
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OHOS::SetNativeTokenIdFromProcess(OHOS::PROCESS_NAME);
+ FuzzedDataProvider provider(data, size);
+ OHOS::EncryptAndDecryptFuzz(provider);
+ return 0;
+}
\ No newline at end of file
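Review bot: `AccessTokenID tokenID;` in SetNativeTokenIdFromProcess reaches `SetSelfTokenID` uninitialized when no digit follows `"tokenID": ` in the dump, because extraction from an empty stream leaves the variable untouched; initialize it and check the read, `AccessTokenID tokenID = 0;` and `if (!(iss >> tokenID)) { return; }`. The same function is copied into the cryptomanagerimportdeletekey and cryptomanagerrootkey harnesses. In EncryptAndDecryptFuzz the key comes from `std::random_device` rather than from `provider`, so a crashing input does not replay deterministically, and `decryptKey` is zeroed without ever being compared with `randomKey`, so a decrypt that returns the wrong plaintext goes unnoticed. Taking the key with `provider.ConsumeBytes<uint8_t>(KEY_LENGTH)` and aborting when a successful round trip returns different bytes would cover both.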
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.h b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.h new file mode 100644 index 000000000..0fc6ecb0c --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/cryptomanagerencryptdecrypt_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CRYPTO_MANAGER_ENCRYPT_DECRYPT_FUZZER_H +#define CRYPTO_MANAGER_ENCRYPT_DECRYPT_FUZZER_H + +#define FUZZ_PROJECT_NAME "cryptomanagerencryptdecrypt_fuzzer" + +#endif // CRYPTO_MANAGER_ENCRYPT_DECRYPT_FUZZER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/project.xml b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/project.xml new file mode 100644 index 000000000..a37a23b15 --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerencryptdecrypt_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file 
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/BUILD.gn b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/BUILD.gn
new file mode 100644
index 000000000..783867ccb
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/BUILD.gn
@@ -0,0 +1,62 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################hydra-fuzz########################################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/distributeddatamgr/datamgr_service/datamgr_service.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("CryptoManagerImportDeleteKeyFuzzTest") {
+ module_out_path = "datamgr_service/datamgr_service"
+
+ include_dirs = [ "${data_service_path}/framework/include" ]
+
+ fuzz_config_file = "${data_service_path}/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer"
+
+ sources = [ "cryptomanagerimportdeletekey_fuzzer.cpp" ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ "-Dprivate=public",
+ "-Dprotected=public",
+ ]
+
+ deps = [
+ "${data_service_path}/framework:distributeddatasvcfwk",
+ "${data_service_path}/service:distributeddatasvc",
+ ]
+
+ external_deps = [
+ "ability_base:base",
+ "ability_base:want",
+ "access_token:libaccesstoken_sdk",
+ "access_token:libnativetoken",
+ "access_token:libtoken_setproc",
+ "c_utils:utils",
+ "hilog:libhilog",
+ "huks:libhukssdk",
+ "ipc:ipc_core",
+ "kv_store:distributeddata_inner",
+ ]
+}
+
+###############################################################################
+group("fuzztest") {
+ testonly = true
+
+ deps = [ ":CryptoManagerImportDeleteKeyFuzzTest" ]
+}
+###############################################################################
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/corpus/init b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.cpp b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.cpp
new file mode 100644
index 000000000..ea1e6b549
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.cpp
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+
+#include "cryptomanagerimportdeletekey_fuzzer.h"
+#include "crypto/crypto_manager.h"
+#include "access_token.h"
+#include "accesstoken_kit.h"
+#include "hks_api.h"
+#include "hks_param.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+using namespace OHOS::DistributedData;
+using namespace OHOS::Security::AccessToken;
+namespace OHOS {
+
+static constexpr int32_t KEY_LENGTH = 32;
+static constexpr int32_t NONCE_SIZE = 12;
+static constexpr int32_t TEST_USERID_NUM = 100;
+static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key";
+static constexpr const char *PROCESS_NAME = "distributeddata";
+
+static std::vector randomKey;
+static std::vector vecRootKeyAlias;
+static std::vector nonce;
+
+void SetNativeTokenIdFromProcess(const std::string &process)
+{
+ std::string dumpInfo;
+ AtmToolsParamInfo info;
+ info.processName = process;
+ AccessTokenKit::DumpTokenInfo(info, dumpInfo);
+ size_t pos = dumpInfo.find("\"tokenID\": ");
+ if (pos == std::string::npos) {
+ return;
+ }
+ pos += std::string("\"tokenID\": ").length();
+ std::string numStr;
+ while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) {
+ numStr += dumpInfo[pos];
+ ++pos;
+ }
+ std::istringstream iss(numStr);
+ AccessTokenID tokenID;
+ iss >> tokenID;
+ SetSelfTokenID(tokenID);
+}
+
+std::vector Random(int32_t len)
+{
+ std::random_device randomDevice;
+ std::uniform_int_distribution distribution(0, std::numeric_limits::max());
+ std::vector key(len);
+ for (int32_t i = 0; i < len; i++) {
+ key[i] = static_cast(distribution(randomDevice));
+ }
+ return key;
+}
+
+uint32_t GetStorageLevel(int32_t area)
+{
+ if (area >= CryptoManager::Area::EL4 && area <= CryptoManager::Area::EL5) {
+ return HKS_AUTH_STORAGE_LEVEL_ECE;
+ }
+ if (area >= CryptoManager::Area::EL2 && area <= CryptoManager::Area::EL3) {
+ return HKS_AUTH_STORAGE_LEVEL_CE;
+ }
+ return HKS_AUTH_STORAGE_LEVEL_DE;
+}
+
+void DeleteRootKey(int32_t area)
+{
+ struct HksParamSet *params = nullptr;
+ if (HksInitParamSet(¶ms) != HKS_SUCCESS) {
+ return;
+ }
+ auto storageLevel = GetStorageLevel(area);
+ std::vector hksParam = {
+ { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_AES },
+ { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_AES_KEY_SIZE_256 },
+ { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
+ { .tag = HKS_TAG_DIGEST, .uint32Param = 0 },
+ { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE },
+ { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_GCM },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = storageLevel },
+ };
+ if (storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) {
+ hksParam.emplace_back(HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = TEST_USERID_NUM });
+ }
+ if (HksAddParams(params, hksParam.data(), hksParam.size()) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ if (HksBuildParamSet(¶ms) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ struct HksBlob keyName = { uint32_t(vecRootKeyAlias.size()), const_cast(vecRootKeyAlias.data()) };
+ (void)HksDeleteKey(&keyName, params);
+ HksFreeParamSet(¶ms);
+}
+
+void SetUp(void)
+{
+ randomKey = Random(KEY_LENGTH);
+ vecRootKeyAlias = std::vector(ROOT_KEY_ALIAS, ROOT_KEY_ALIAS + strlen(ROOT_KEY_ALIAS));
+ nonce = Random(NONCE_SIZE);
+}
+
+void TearDown(void)
+{
+ randomKey.assign(randomKey.size(), 0);
+ nonce.assign(nonce.size(), 0);
+ DeleteRootKey(CryptoManager::Area::EL1);
+ DeleteRootKey(CryptoManager::Area::EL2);
+ DeleteRootKey(CryptoManager::Area::EL4);
+}
+
+void ImportKeyFuzz(FuzzedDataProvider &provider)
+{
+ CryptoManager::GetInstance().GenerateRootKey();
+ std::vector key = provider.ConsumeRemainingBytes();
+ std::vector keyAlias = provider.ConsumeRemainingBytes();
+ CryptoManager::GetInstance().ImportKey(key, keyAlias);
+}
+
+void DeleteKeyFuzz(FuzzedDataProvider &provider)
+{
+ CryptoManager::GetInstance().GenerateRootKey();
+ std::vector keyAlias = provider.ConsumeRemainingBytes();
+ CryptoManager::GetInstance().DeleteKey(keyAlias);
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OHOS::SetNativeTokenIdFromProcess(OHOS::PROCESS_NAME);
+ OHOS::SetUp();
+ FuzzedDataProvider provider(data, size);
+ OHOS::ImportKeyFuzz(provider);
+ OHOS::DeleteKeyFuzz(provider);
+ OHOS::TearDown();
+ return 0;
+}
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.h b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.h
new file mode 100644
index 000000000..6e25b4ee7
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/cryptomanagerimportdeletekey_fuzzer.h
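Review bot: In cryptomanagerimportdeletekey_fuzzer.cpp `keyAlias` is always empty in ImportKeyFuzz, because `key = provider.ConsumeRemainingBytes()` drains the provider on the line before, and DeleteKeyFuzz then reads from the same exhausted provider, so `ImportKey` and `DeleteKey` are only ever called with an empty alias. Carve the alias out first with a bounded length, for example `auto keyAlias = provider.ConsumeBytes<uint8_t>(provider.ConsumeIntegralInRange<size_t>(0, MAX_ALIAS_LEN));` where `MAX_ALIAS_LEN` is a constant to be added, then take the remainder as `key`, and hand that alias to the delete step so it can hit a key that exists. Separately, TearDown deletes `distributed_db_root_key` while the process runs under the `distributeddata` token; that alias looks like the service's real root key, so a comment stating that the harness must only run on a disposable test image, or a test-only alias, would help.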
@@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CRYPTOMANAGER_IMPORT_DELETE_KEY_FUZZER_H +#define CRYPTOMANAGER_IMPORT_DELETE_KEY_FUZZER_H + +#define FUZZ_PROJECT_NAME "cryptomanagerimportdeletekey_fuzzer" + +#endif // CRYPTOMANAGER_IMPORT_DELETE_KEY_FUZZER_H \ No newline at end of file diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/project.xml b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/project.xml new file mode 100644 index 000000000..a37a23b15 --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerimportdeletekey_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/BUILD.gn b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/BUILD.gn new file mode 100644 index 000000000..9be2389b9 --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/BUILD.gn 
@@ -0,0 +1,63 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################hydra-fuzz########################################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/distributeddatamgr/datamgr_service/datamgr_service.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("CryptoManagerRootKeyFuzzTest") {
+ module_out_path = "datamgr_service/datamgr_service"
+
+ include_dirs = [ "${data_service_path}/framework/include" ]
+
+ fuzz_config_file =
+ "${data_service_path}/framework/test/fuzztest/cryptomanagerrootkey_fuzzer"
+
+ sources = [ "cryptomanagerrootkey_fuzzer.cpp" ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ "-Dprivate=public",
+ "-Dprotected=public",
+ ]
+
+ deps = [
+ "${data_service_path}/framework:distributeddatasvcfwk",
+ "${data_service_path}/service:distributeddatasvc",
+ ]
+
+ external_deps = [
+ "ability_base:base",
+ "ability_base:want",
+ "access_token:libaccesstoken_sdk",
+ "access_token:libnativetoken",
+ "access_token:libtoken_setproc",
+ "c_utils:utils",
+ "hilog:libhilog",
+ "huks:libhukssdk",
+ "ipc:ipc_core",
+ "kv_store:distributeddata_inner",
+ ]
+}
+
+###############################################################################
+group("fuzztest") {
+ testonly = true
+
+ deps = [ ":CryptoManagerRootKeyFuzzTest" ]
+}
+###############################################################################
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/corpus/init b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.cpp b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.cpp
new file mode 100644
index 000000000..bb795b9f6
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.cpp
@@ -0,0 +1,176 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+
+#include "cryptomanagerrootkey_fuzzer.h"
+#include "crypto/crypto_manager.h"
+#include "access_token.h"
+#include "accesstoken_kit.h"
+#include "hks_api.h"
+#include "hks_param.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+using namespace OHOS::DistributedData;
+using namespace OHOS::Security::AccessToken;
+namespace OHOS {
+
+static constexpr int32_t KEY_LENGTH = 32;
+static constexpr int32_t NONCE_SIZE = 12;
+static constexpr int32_t TEST_USERID_NUM = 100;
+static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key";
+static constexpr const char *PROCESS_NAME = "distributeddata";
+
+static std::vector randomKey;
+static std::vector vecRootKeyAlias;
+static std::vector nonce;
+
+void SetNativeTokenIdFromProcess(const std::string &process)
+{
+ std::string dumpInfo;
+ AtmToolsParamInfo info;
+ info.processName = process;
+ AccessTokenKit::DumpTokenInfo(info, dumpInfo);
+ size_t pos = dumpInfo.find("\"tokenID\": ");
+ if (pos == std::string::npos) {
+ return;
+ }
+ pos += std::string("\"tokenID\": ").length();
+ std::string numStr;
+ while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) {
+ numStr += dumpInfo[pos];
+ ++pos;
+ }
+ std::istringstream iss(numStr);
+ AccessTokenID tokenID;
+ iss >> tokenID;
+ SetSelfTokenID(tokenID);
+}
+
+std::vector Random(int32_t len)
+{
+ std::random_device randomDevice;
+ std::uniform_int_distribution distribution(0, std::numeric_limits::max());
+ std::vector key(len);
+ for (int32_t i = 0; i < len; i++) {
+ key[i] = static_cast(distribution(randomDevice));
+ }
+ return key;
+}
+
+uint32_t GetStorageLevel(int32_t area)
+{
+ if (area >= CryptoManager::Area::EL4 && area <= CryptoManager::Area::EL5) {
+ return HKS_AUTH_STORAGE_LEVEL_ECE;
+ }
+ if (area >= CryptoManager::Area::EL2 && area <= CryptoManager::Area::EL3) {
+ return HKS_AUTH_STORAGE_LEVEL_CE;
+ }
+ return HKS_AUTH_STORAGE_LEVEL_DE;
+}
+
+void DeleteRootKey(int32_t area)
+{
+ struct HksParamSet *params = nullptr;
+ if (HksInitParamSet(¶ms) != HKS_SUCCESS) {
+ return;
+ }
+ auto storageLevel = GetStorageLevel(area);
+ std::vector hksParam = {
+ { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_AES },
+ { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_AES_KEY_SIZE_256 },
+ { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
+ { .tag = HKS_TAG_DIGEST, .uint32Param = 0 },
+ { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE },
+ { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_GCM },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = storageLevel },
+ };
+ if (storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) {
+ hksParam.emplace_back(HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = TEST_USERID_NUM });
+ }
+ if (HksAddParams(params, hksParam.data(), hksParam.size()) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ if (HksBuildParamSet(¶ms) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ struct HksBlob keyName = { uint32_t(vecRootKeyAlias.size()), const_cast(vecRootKeyAlias.data()) };
+ (void)HksDeleteKey(&keyName, params);
+ HksFreeParamSet(¶ms);
+}
+
+void SetUp(void)
+{
+ randomKey = Random(KEY_LENGTH);
+ vecRootKeyAlias = std::vector(ROOT_KEY_ALIAS, ROOT_KEY_ALIAS + strlen(ROOT_KEY_ALIAS));
+ nonce = Random(NONCE_SIZE);
+}
+
+void TearDown(void)
+{
+ randomKey.assign(randomKey.size(), 0);
+ nonce.assign(nonce.size(), 0);
+ DeleteRootKey(CryptoManager::Area::EL1);
+ DeleteRootKey(CryptoManager::Area::EL2);
+ DeleteRootKey(CryptoManager::Area::EL4);
+}
+
+void GenerateRootKeyFuzz(FuzzedDataProvider &provider)
+{
+ SetUp();
+ uint32_t level = provider.ConsumeIntegral();
+ std::string userId1 = provider.ConsumeRandomLengthString();
+ CryptoManager::GetInstance().GenerateRootKey();
+ CryptoManager::GetInstance().GenerateRootKey(HKS_AUTH_STORAGE_LEVEL_ECE, userId1);
+ CryptoManager::GetInstance().GenerateRootKey(HKS_AUTH_STORAGE_LEVEL_CE, userId1);
+ CryptoManager::GetInstance().GenerateRootKey(HKS_AUTH_STORAGE_LEVEL_DE, userId1);
+ CryptoManager::GetInstance().GenerateRootKey(level, userId1);
+ CryptoManager::GetInstance().CheckRootKey();
+ std::string userId2 = provider.ConsumeRandomLengthString();
+ CryptoManager::GetInstance().CheckRootKey(HKS_AUTH_STORAGE_LEVEL_DE, userId1);
+ CryptoManager::GetInstance().CheckRootKey(HKS_AUTH_STORAGE_LEVEL_DE, userId2);
+ CryptoManager::GetInstance().CheckRootKey(level, userId1);
+ TearDown();
+}
+
+void PrepareRootKeyFuzz(FuzzedDataProvider &provider)
+{
+ SetUp();
+ uint32_t storageLevel = provider.ConsumeIntegral();
+ std::string userId = provider.ConsumeRandomLengthString();
+ CryptoManager::GetInstance().PrepareRootKey(storageLevel, userId);
+ CryptoManager::GetInstance().GenerateRootKey(HKS_AUTH_STORAGE_LEVEL_CE, userId);
+ CryptoManager::GetInstance().GenerateRootKey(HKS_AUTH_STORAGE_LEVEL_DE, "0");
+ CryptoManager::GetInstance().PrepareRootKey(storageLevel, userId);
+ CryptoManager::GetInstance().PrepareRootKey(HKS_AUTH_STORAGE_LEVEL_CE, userId);
+ CryptoManager::GetInstance().PrepareRootKey(HKS_AUTH_STORAGE_LEVEL_DE, "0");
+ TearDown();
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OHOS::SetNativeTokenIdFromProcess(OHOS::PROCESS_NAME);
+ FuzzedDataProvider provider(data, size);
+ OHOS::GenerateRootKeyFuzz(provider);
+ OHOS::PrepareRootKeyFuzz(provider);
+ return 0;
+}
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.h b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.h
new file mode 100644
index 000000000..41cd079ff
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/cryptomanagerrootkey_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CRYPTO_MANAGER_ROOT_KEY_FUZZER_H
+#define CRYPTO_MANAGER_ROOT_KEY_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "cryptomanagerrootkey_fuzzer"
+
+#endif // CRYPTO_MANAGER_ROOT_KEY_FUZZER_H
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/project.xml b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/project.xml
new file mode 100644
index 000000000..a37a23b15
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerrootkey_fuzzer/project.xml
@@ -0,0 +1,25 @@
+ + + + + + 1000 + + 300 + + 4096 + +
\ No newline at end of file
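Review bot: In `SetNativeTokenIdFromProcess`, `tokenID` is declared without an initializer and the result of `iss >> tokenID` is never checked, so when no digits follow `"tokenID": ` in the dump (`numStr` empty) the extraction fails without writing the variable and an indeterminate value is passed to `SetSelfTokenID`. Initialize and check it, `AccessTokenID tokenID = 0;` then `if (!(iss >> tokenID)) { return; }`, and pass `static_cast<unsigned char>(dumpInfo[pos])` to `std::isdigit`. The same helper is copied into the cryptomanagerupdatesecretmeta_fuzzer.cpp hunk and needs the same change. Separately, `LLVMFuzzerTestOneInput` repeats this token lookup for every input, and `TearDown` deletes root keys only for `TEST_USERID_NUM` while `GenerateRootKey` is called with the fuzzed `userId1`, so keys created for other ids presumably persist across iterations and make findings harder to reproduce; moving the token setup into `LLVMFuzzerInitialize` would take it off the per-input path.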
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/BUILD.gn b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/BUILD.gn
new file mode 100644
index 000000000..b291e5a67
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/BUILD.gn
@@ -0,0 +1,62 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##############################hydra-fuzz########################################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/distributeddatamgr/datamgr_service/datamgr_service.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("CryptoManagerUpdateSecretMetaFuzzTest") {
+ module_out_path = "datamgr_service/datamgr_service"
+
+ include_dirs = [ "${data_service_path}/framework/include" ]
+
+ fuzz_config_file = "${data_service_path}/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer"
+
+ sources = [ "cryptomanagerupdatesecretmeta_fuzzer.cpp" ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ "-Dprivate=public",
+ "-Dprotected=public",
+ ]
+
+ deps = [
+ "${data_service_path}/framework:distributeddatasvcfwk",
+ "${data_service_path}/service:distributeddatasvc",
+ ]
+
+ external_deps = [
+ "ability_base:base",
+ "ability_base:want",
+ "access_token:libaccesstoken_sdk",
+ "access_token:libnativetoken",
+ "access_token:libtoken_setproc",
+ "c_utils:utils",
+ "hilog:libhilog",
+ "huks:libhukssdk",
+ "ipc:ipc_core",
+ "kv_store:distributeddata_inner",
+ ]
+}
+
+###############################################################################
+group("fuzztest") {
+ testonly = true
+
+ deps = [ ":CryptoManagerUpdateSecretMetaFuzzTest" ]
+}
+###############################################################################
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/corpus/init b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.cpp b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.cpp
new file mode 100644
index 000000000..49fd18e0b
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.cpp
@@ -0,0 +1,190 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+#include
+#include
+
+#include "cryptomanagerupdatesecretmeta_fuzzer.h"
+#include "crypto/crypto_manager.h"
+#include "access_token.h"
+#include "accesstoken_kit.h"
+#include "hks_api.h"
+#include "hks_param.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+
+using namespace OHOS::DistributedData;
+using namespace OHOS::Security::AccessToken;
+namespace OHOS {
+
+static constexpr int32_t KEY_LENGTH = 32;
+static constexpr int32_t NONCE_SIZE = 12;
+static constexpr int32_t AREA_MIN = -1;
+static constexpr int32_t AREA_MAX = 10;
+static constexpr int32_t TEST_USERID_NUM = 100;
+static constexpr const char *TEST_USERID = "100";
+static constexpr const char *TEST_BUNDLE_NAME = "test_application";
+static constexpr const char *TEST_STORE_NAME = "test_store";
+static constexpr const char *ROOT_KEY_ALIAS = "distributed_db_root_key";
+static constexpr const char *PROCESS_NAME = "distributeddata";
+
+static std::vector randomKey;
+static std::vector vecRootKeyAlias;
+static std::vector nonce;
+
+void SetNativeTokenIdFromProcess(const std::string &process)
+{
+ std::string dumpInfo;
+ AtmToolsParamInfo info;
+ info.processName = process;
+ AccessTokenKit::DumpTokenInfo(info, dumpInfo);
+ size_t pos = dumpInfo.find("\"tokenID\": ");
+ if (pos == std::string::npos) {
+ return;
+ }
+ pos += std::string("\"tokenID\": ").length();
+ std::string numStr;
+ while (pos < dumpInfo.length() && std::isdigit(dumpInfo[pos])) {
+ numStr += dumpInfo[pos];
+ ++pos;
+ }
+ std::istringstream iss(numStr);
+ AccessTokenID tokenID;
+ iss >> tokenID;
+ SetSelfTokenID(tokenID);
+}
+
+std::vector Random(int32_t len)
+{
+ std::random_device randomDevice;
+ std::uniform_int_distribution distribution(0, std::numeric_limits::max());
+ std::vector key(len);
+ for (int32_t i = 0; i < len; i++) {
+ key[i] = static_cast(distribution(randomDevice));
+ }
+ return key;
+}
+
+uint32_t GetStorageLevel(int32_t area)
+{
+ if (area >= CryptoManager::Area::EL4 && area <= CryptoManager::Area::EL5) {
+ return HKS_AUTH_STORAGE_LEVEL_ECE;
+ }
+ if (area >= CryptoManager::Area::EL2 && area <= CryptoManager::Area::EL3) {
+ return HKS_AUTH_STORAGE_LEVEL_CE;
+ }
+ return HKS_AUTH_STORAGE_LEVEL_DE;
+}
+
+void DeleteRootKey(int32_t area)
+{
+ struct HksParamSet *params = nullptr;
+ if (HksInitParamSet(¶ms) != HKS_SUCCESS) {
+ return;
+ }
+ auto storageLevel = GetStorageLevel(area);
+ std::vector hksParam = {
+ { .tag = HKS_TAG_ALGORITHM, .uint32Param = HKS_ALG_AES },
+ { .tag = HKS_TAG_KEY_SIZE, .uint32Param = HKS_AES_KEY_SIZE_256 },
+ { .tag = HKS_TAG_PURPOSE, .uint32Param = HKS_KEY_PURPOSE_ENCRYPT | HKS_KEY_PURPOSE_DECRYPT },
+ { .tag = HKS_TAG_DIGEST, .uint32Param = 0 },
+ { .tag = HKS_TAG_PADDING, .uint32Param = HKS_PADDING_NONE },
+ { .tag = HKS_TAG_BLOCK_MODE, .uint32Param = HKS_MODE_GCM },
+ { .tag = HKS_TAG_AUTH_STORAGE_LEVEL, .uint32Param = storageLevel },
+ };
+ if (storageLevel > HKS_AUTH_STORAGE_LEVEL_DE) {
+ hksParam.emplace_back(HksParam { .tag = HKS_TAG_SPECIFIC_USER_ID, .int32Param = TEST_USERID_NUM });
+ }
+ if (HksAddParams(params, hksParam.data(), hksParam.size()) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ if (HksBuildParamSet(¶ms) != HKS_SUCCESS) {
+ HksFreeParamSet(¶ms);
+ return;
+ }
+ struct HksBlob keyName = { uint32_t(vecRootKeyAlias.size()), const_cast(vecRootKeyAlias.data()) };
+ (void)HksDeleteKey(&keyName, params);
+ HksFreeParamSet(¶ms);
+}
+
+void SetUp(void)
+{
+ randomKey = Random(KEY_LENGTH);
+ vecRootKeyAlias = std::vector(ROOT_KEY_ALIAS, ROOT_KEY_ALIAS + strlen(ROOT_KEY_ALIAS));
+ nonce = Random(NONCE_SIZE);
+}
+
+void TearDown(void)
+{
+ randomKey.assign(randomKey.size(), 0);
+ nonce.assign(nonce.size(), 0);
+ DeleteRootKey(CryptoManager::Area::EL1);
+ DeleteRootKey(CryptoManager::Area::EL2);
+ DeleteRootKey(CryptoManager::Area::EL4);
+}
+
+void UpdateSecretMetaFuzz1(FuzzedDataProvider &provider)
+{
+ std::vector password = provider.ConsumeRemainingBytes();
+ std::vector password1;
+ std::string metaKey = provider.ConsumeRandomLengthString();
+ StoreMetaData metaData;
+ SecretKeyMetaData secretKey;
+ CryptoManager::GetInstance().UpdateSecretMeta(password1, metaData, metaKey, secretKey);
+ secretKey.nonce = nonce;
+ int32_t area = provider.ConsumeIntegralInRange(AREA_MIN, AREA_MAX);
+ secretKey.area = area;
+ CryptoManager::GetInstance().UpdateSecretMeta(password, metaData, metaKey, secretKey);
+}
+
+void UpdateSecretMetaFuzz2(FuzzedDataProvider &provider)
+{
+ CryptoManager::GetInstance().GenerateRootKey();
+ std::vector password = provider.ConsumeRemainingBytes();
+ StoreMetaData metaData;
+ SecretKeyMetaData secretKey;
+ metaData.bundleName = TEST_BUNDLE_NAME;
+ metaData.storeId = TEST_STORE_NAME;
+ metaData.user = TEST_USERID;
+ metaData.area = CryptoManager::Area::EL1;
+ CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey);
+ SetUp();
+ CryptoManager::GetInstance().UpdateSecretMeta(randomKey, metaData, metaData.GetSecretKey(), secretKey);
+
+ int32_t area = provider.ConsumeIntegralInRange(AREA_MIN, AREA_MAX);
+ std::string metaKey = provider.ConsumeRandomLengthString();
+ std::string bundleName = provider.ConsumeRandomLengthString();
+ std::string storeId = provider.ConsumeRandomLengthString();
+ std::string user = provider.ConsumeRandomLengthString();
+ metaData.bundleName = bundleName;
+ metaData.storeId = storeId;
+ metaData.user = user;
+ metaData.area = area;
+ CryptoManager::GetInstance().UpdateSecretMeta(password, metaData, metaKey, secretKey);
+ TearDown();
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ OHOS::SetNativeTokenIdFromProcess(OHOS::PROCESS_NAME);
+ FuzzedDataProvider provider(data, size);
+ OHOS::UpdateSecretMetaFuzz1(provider);
+ OHOS::UpdateSecretMetaFuzz2(provider);
+ return 0;
+}
\ No newline at end of file
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.h b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.h
new file mode 100644
index 000000000..73310035f
--- /dev/null
+++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/cryptomanagerupdatesecretmeta_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef CRYPTO_MANAGER_UPDATE_SECRETMETA_FUZZER_H
+#define CRYPTO_MANAGER_UPDATE_SECRETMETA_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "cryptomanagerupdatesecretmeta_fuzzer"
+
+#endif // CRYPTO_MANAGER_UPDATE_SECRETMETA_FUZZER_H
\ No newline at end of file
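Review bot: `UpdateSecretMetaFuzz1` calls `provider.ConsumeRemainingBytes()` as its first consume, which drains the provider, so the later `ConsumeRandomLengthString()` and `ConsumeIntegralInRange(AREA_MIN, AREA_MAX)` calls and every consume in `UpdateSecretMetaFuzz2` see no data: `metaKey`, `bundleName`, `storeId` and `user` are always empty, `area` is always `AREA_MIN`, and the second `password` is always empty. Consume the structured fields first and read the password with a length-bounded call instead, e.g. `auto password = provider.ConsumeBytes<uint8_t>(len);` with `len` taken from `ConsumeIntegralInRange` (element type as in the original declaration, which this page does not show), so that `UpdateSecretMetaFuzz2` still receives input. In addition, `randomKey` and `nonce` come from `std::random_device` in `Random()`, and `UpdateSecretMetaFuzz1` reads `nonce` before `SetUp()` has run on the first input, so the same corpus file can drive different calls between runs; deriving both from `provider` or a fixed seed would keep findings reproducible.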
diff --git a/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/project.xml b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/project.xml new file mode 100644 index 000000000..a37a23b15 --- /dev/null +++ b/services/distributeddataservice/framework/test/fuzztest/cryptomanagerupdatesecretmeta_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + \ No newline at end of file -- Gitee